Bug #6020

panic in smbsrv netbios_first_level_name_decode

Added by Gordon Ross over 5 years ago. Updated over 5 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: cifs - CIFS server and client
Start date: 2015-06-21
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:

Description

Kernel panic seen occasionally "in the wild":

BAD TRAP: type=e (#pf Page fault) rp=ffffff003d137840 addr=ffffff0c3e2f3000 

ffffff003d137840 unix:cmntrap+e6 () 
ffffff003d137960 smbsrv:netbios_first_level_name_decode+bb () 
ffffff003d137aa0 smbsrv:netbios_name_isvalid+2f () 
ffffff003d137b40 smbsrv:smb_session_request+cb () 
ffffff003d137b80 smbsrv:smb_session_receiver+3e () 
ffffff003d137bb0 smbsrv:smb_server_receiver+28 () 
ffffff003d137c40 genunix:taskq_d_thread+b1 () 
ffffff003d137c50 unix:thread_start+8 () 

#1

Updated by Gordon Ross over 5 years ago

The decoding of the "scope" field is not sufficiently careful about lengths, boundary checks, etc.
We didn't want to support NetBIOS scopes, so I just removed that code.
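
An added illustration, not part of the ticket and not the illumos smbsrv code: a length-checked decoder for an RFC 1001 first-level encoded NetBIOS name that refuses any scope label instead of parsing it, the approach comment #1 describes. The function name, constants and sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define NB_NAME_LEN     16                  /* decoded NetBIOS name length */
#define NB_ENCODED_LEN  (2 * NB_NAME_LEN)   /* 32 half-ASCII characters */

/* Constructed samples: "A" padded with 15 spaces, without and with a scope. */
static const uint8_t nb_sample_ok[] =
    "\x20" "EB" "CACACACACA" "CACACACACA" "CACACACACA";
static const uint8_t nb_sample_scope[] =
    "\x20" "EB" "CACACACACA" "CACACACACA" "CACACACACA" "\x05" "SCOPE";

/*
 * Hypothetical helper: decode one first-level encoded name from
 * in[0..inlen) into out. Returns bytes consumed, or -1 if malformed.
 */
int
nb_decode_no_scope(const uint8_t *in, size_t inlen, uint8_t out[NB_NAME_LEN])
{
    size_t i;

    /* Need the length byte, 32 encoded bytes and the root label (0x00). */
    if (in == NULL || out == NULL || inlen < 1 + NB_ENCODED_LEN + 1)
        return (-1);
    /* The first label must be exactly 32 bytes long. */
    if (in[0] != NB_ENCODED_LEN)
        return (-1);

    for (i = 0; i < NB_NAME_LEN; i++) {
        uint8_t hi = in[1 + 2 * i];
        uint8_t lo = in[2 + 2 * i];

        /* Each encoded character carries one nibble as 'A' + nibble. */
        if (hi < 'A' || hi > 'P' || lo < 'A' || lo > 'P')
            return (-1);
        out[i] = (uint8_t)(((hi - 'A') << 4) | (lo - 'A'));
    }

    /* A nonzero byte here would start a scope label: refuse it rather
     * than walk label lengths taken from the untrusted request. */
    if (in[1 + NB_ENCODED_LEN] != 0)
        return (-1);
    return (1 + NB_ENCODED_LEN + 1);
}

int
main(void)
{
    uint8_t name[NB_NAME_LEN];

    return (nb_decode_no_scope(nb_sample_ok, sizeof (nb_sample_ok), name) != 34);
}
```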

#2

Updated by Gordon Ross over 5 years ago

  • Category set to cifs - CIFS server and client

#3

Updated by Electric Monk over 5 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit b3988cf65491efce7a0df7b735c586e4e12714f0

commit  b3988cf65491efce7a0df7b735c586e4e12714f0
Author: Gordon Ross <gwr@nexenta.com>
Date:   2015-10-04T15:58:42.000Z

    6020 panic in smbsrv netbios_first_level_name_decode
    Reviewed by: Alek Pinchuk <alek.pinchuk@nexenta.com>
    Reviewed by: Dan Fields <dan.fields@nexenta.com>
    Reviewed by: Paul Nenaber <paul.nienaber@nexenta.com>
    Reviewed by: Andy Stormont <astormont@racktopsystems.com>
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Approved by: Garrett D'Amore <garrett@damore.org>
